Wireshark Portable

Introduction

You can now install Wireshark onto a PortableApps enabled device that will allow you to run Wireshark on any Windows XP & 2000 machine that you plug the device into. There is no need to run the normal Wireshark installation package, Wireshark will be ready to run as soon as the machine recognises the device.

PortableApps provides a USB flash drive with a mechanism for launching applications directly from the drive. There is no need to run a specific installation program. When you remove the drive, not trace of the applications are left on the machine.

As well as the Wireshark application, all of your Wireshark preferences will be stored on the USB flash drive. So that whichever machine you run Wireshark on your will always get your own preferences. This happens even when a Wireshark has been conventionally installed on the machine.

PortableApps Package

You can build an experimental version of WiresharkPortable from the latest version of the Wireshark sources.

The packaging uses the same "Nullsoft Install System" (NSIS) that is used by the standards Wireshark windows installer. However, an additional plug-in for NSIS is required for the WiresharkPortable packaging. This plug-in, FindProcDLL, can be downloaded from http://nsis.sourceforge.net/Find_Process_By_Name and is required to ensure that only one copy of Wireshark is running.

Use the packaging_papps target in the top-level Wireshark directory.

% nmake -f makefile.nmake packaging_papps

This will result in a single file called wireshark-<version>.paf.exe in the directory packaging/portableapps/win32 .

Installing PortableWireshark

To install the package, choose the 'Options/Install New App' option from the main PortableApps menu and select the file 'wireshark-<version>.paf.exe'. The will result in a short Wizard that will install the package on your USB flash device and result in a new menu item being added to the main PortableApps menu.

Ini File Settings

The Wireshark Portable Launcher will look for an ini-file called WiresharkPortable.ini within its directory. It is only necessary to have a ini-file if you wish to change the default configuration. There is an example ini-file included within the package that you can move to the correct location. The ini-file is formatted as follows:

The WiresharkDirectory entry should be set to the directory relative to the directory containing the Wireshark Portable Launcher (WiresharkPortable.exe) which contains the Wireshark binaries and libraries. This entry must be present and the default is App/Wireshark.

The WiresharkExecutable entry allows you to specify the Wireshark Portable Launcher to use an alternate EXE call to launch Wireshark. The default is wireshark.exe.

The AdditionalParameters entry allows you to pass additional commandline parameter entries to wireshark.exe.

The DisableWinPcapInstall allows you to disable the automatic installation of WinPcap when it is not present on the host system. The default is false.

The WinPcapInstaller allows you to specify a different WinPcap installer than the default one included in the distribution. For example, if you wish to download a later version of WinPcap and have that installed instead. For the release 1.0 of Wireshark this was WinPcap_4_0_2.exe, currently the default is WinPcap_4_1_beta5.exe.

Known Issues

If WinPcap is not installed on the machine, WiresharkPortable will install it when and starts, and remove it when it exits. This can become tedious if WiresharkPortable is started many times.